Using Meantime to Recovery as a Mitigation and Planning Tool

Advisory Details

  • Issue Date:

    October 19, 2022

  • Importance

    Information Only

  • Summary

    Using Meantime to Recovery as a mitigation and planning tool

  • Systems Impacted

    All OT systems impacting business continuity or normal operation in the event of a cyberattack.

Meantime to recovery (MTTR) calculations and evaluations can proactively identify your greatest business risks and help to mitigate them before a vulnerability is exploited or recovery is required.

Experts in OT Cybersecurity must participate in MTTR evaluations to achieve usable results. While the accuracy of labor and costs can be debated, category prioritization to mitigate the impacts should remain consistent. Beyond the number of systems planned for recovery there are additional considerations to reach these priorities minimally including:

  • Resources and communication channels available and planned for recovery efforts
  • Resilience, Disaster Recovery and Business Continuity understanding and preparedness
  • Completeness and accuracy of the assets inventory and installation details
  • Backup types, location, accuracy, and availability including access times
  • Recovery time, verification, testing, and approvals required

When properly executed, MTTR calculations should return the following results:

  • Representative duration, labor, and costs associated with recovery from a cybersecurity event
  • Segregation between business continuity and return to normal scenarios
  • Recommendations to reduce the organization’s exposure before an event occurs

Actions and/or Recommendations

  • Evaluate your current business exposure should a cyberattack occur
  • Develop recommendations for improvements before an event occurs
  • Develop recommendations to improve business continuity and recovery after an event occurs
  • To find out more about MTTR, visit Mangan Cybersecurity at:

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

Scroll to Top